RBAC on the Web by Smart Certificates

Joon S. Park, Ravi Sandhu

Research output: Chapter in Book/Entry/Poem › Conference contribution

38 Scopus citations

Abstract

We have described in another paper how to develop and use smart certificates by extending X.509 with several sophisticated features for secure attribute services on the Web. In this paper, we describe an implementation of RBAC (Role-Based Access Control) with role hierarchies on the Web as one possible application of smart certificates. To support RBAC, we issued smart certificates - which hold the subjects' role information - and configured a Web server to use the role information in the certificate instead of identities for its access control mechanism. Since the subjects' role information is integrity-protected, the Web server can trust the role information after authentication and certificate verification by SSL, and use it for role-based access control. To maintain compatibility with existing technologies, such as SSL, we used a bundled (containing the subject's identity and role information) smart certificate in the user-pull model.

Original language: English (US)
Title of host publication: RBAC 1999 - Proceedings of the 4th ACM Workshop on Role-Based Access Control
Publisher: Association for Computing Machinery, Inc
Pages: 1-9
Number of pages: 9
ISBN (Electronic): 9781581131802
State: Published - 1999
Externally published: Yes
Event: 4th ACM Workshop on Role-Based Access Control, RBAC 1999 - Fairfax, United States
Duration: Oct 28 1999 → Oct 29 1999

Publication series

Name: RBAC 1999 - Proceedings of the 4th ACM Workshop on Role-Based Access Control

Conference

Conference: 4th ACM Workshop on Role-Based Access Control, RBAC 1999
Country/Territory: United States
City: Fairfax
Period: 10/28/99 → 10/29/99

ASJC Scopus subject areas

  • Software
